June 23rd, 2004, 06:16 PM
Just a heads up that I just got an email telling me to bring my microsoft products up to date using an attached file named Patch82.exe. Luckily out mail filter kept the exe. I'm not sure if this is a large scale thing and I don't know how new it is but there was only 3 hits on Google. I know none of us here at AO would fall for this, but I know a lot of you admin networks with some not-so-bright users, so keep your eyes open.
Here is the mail text:
Microsoft All Products | Support | Search | Microsoft.com Guide
this is the latest version of security update, the "June 2004, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer from these vulnerabilities. This update includes the functionality of all previously released patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
Obviously all the links point back to Mircosoft.
The sender was: MS Security Support <firstname.lastname@example.org>
And the Recipient was: Commercial Consumer <email@example.com>
Hopefully this doesn't cause anyone too many problems.
June 23rd, 2004, 06:24 PM
This method have been used for quiet a while, if users are not aware now, i don't know. Tx for the heads up man !
June 23rd, 2004, 06:36 PM
Obviously the method of spoofing being a respected company to distribute virii, worms, trojans, etc... is not new, but everytime a new one comes out, people believe it to be the real thing. Unfortunately it is necessary to make users aware of each one. As the old saying goes "Give a man a fish and he eats for a day, teach a man to fish and he eats for life" but that doesn't seem to work. We need to feed the users their fish every day.
\"When you say best friends, it means friends forever\" Brand New
\"Best friends means I pulled the trigger
Best friends means you get what you deserve\" Taking Back Sunday
June 24th, 2004, 02:11 PM
W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.
The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.
W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++.
This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at: http://www.microsoft.com/technet/sec.../MS01-020.asp.
1 version of Swen and 3 or so versions of Gibe..
W32.Gibe.B@mm is a variant of W32.Gibe@mm. This mass-mailing worm uses Microsoft Outlook and its own SMTP engine to send itself to all the contacts in the Microsoft Outlook Address Book and the Windows Address Book. The email is disguised as a Microsoft Security Update and it arrives with an attachment that has a .exe or .zip file extension.
Still doing the rounds.. bit like Netsky.p is stil bouncing off systems.. and the odd Yaha, oh and who remembers Klez?.. removed one the other day..
If you want to get more info on any of these.. visit http://securityresponse.symantec.com...r/vinfodb.html
have been meaning to see waht happens if "Stoned"was let loose on a XP Box..nothing I suspect.. would cause a stir..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr